[Git][NTPsec/ntpsec][master] In pylib/packet.py, remove dependency on C encryption code.
Eric S. Raymond
gitlab at mg.gitlab.com
Mon Oct 31 11:13:35 UTC 2016
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
746cd933 by Eric S. Raymond at 2016-10-31T06:46:55-04:00
In pylib/packet.py, remove dependency on C encryption code.
- - - - -
4 changed files:
- INSTALL
- libntp/wscript
- ntpq/pyntpq
- pylib/packet.py
Changes:
=====================================
INSTALL
=====================================
--- a/INSTALL
+++ b/INSTALL
@@ -135,16 +135,6 @@ The OS X build of NTPsec requires the OS X port of the libevent2 library:
You can use 3rd party packages such as Macports or HomeBrew for
this library if you wish and they have it available.
-== Conflicts ==
-
-The work-in-progress Python translation of ntpq uses a Python extension
-module that has conflicts with the following packages:
-
-Ubuntu: libssl-dev
-CentOS: openssl-devel
-
-We hope to work around this in a future release.
-
== Basic Installation ==
These are generic Unix installation instructions.
=====================================
libntp/wscript
=====================================
--- a/libntp/wscript
+++ b/libntp/wscript
@@ -4,18 +4,25 @@ def build(ctx):
srcnode = ctx.srcnode.abspath()
libntp_source = [
+ "a_md5encrypt.c",
"atolfp.c",
+ "authkeys.c",
+ "authreadkeys.c",
+ "authusekey.c",
# "calyearstart.c",
"clocktime.c",
"decodenetnum.c",
+ "emalloc.c",
"dofptoa.c",
"dolfptoa.c",
"getopt.c",
"initnetwork.c",
"lib_strbuf.c",
"machines.c",
+ "md5.c",
"modetoa.c",
"mstolfp.c",
+ "msyslog.c",
"netof.c",
"ntp_endian.c",
"ntp_intres.c",
@@ -29,6 +36,7 @@ def build(ctx):
"socket.c",
"socktoa.c",
"socktohost.c",
+ "ssl_init.c",
"strl_obsd.c",
"syssignal.c",
"timetoa.c",
@@ -38,19 +46,11 @@ def build(ctx):
]
libntp_source_sharable = [
- "a_md5encrypt.c",
- "authkeys.c",
- "authreadkeys.c",
- "authusekey.c",
- "emalloc.c",
"hextolfp.c",
"humandate.c",
"lib_strbuf.c",
- "md5.c",
- "msyslog.c",
"ntp_calendar.c",
"prettydate.c",
- "ssl_init.c",
"statestr.c",
]
=====================================
ntpq/pyntpq
=====================================
--- a/ntpq/pyntpq
+++ b/ntpq/pyntpq
@@ -9,7 +9,7 @@
from __future__ import print_function, division
import os, sys, getopt, cmd, errno, curses, curses.ascii
-import socket, select, struct, shlex, time
+import socket, select, struct, shlex, time, hashlib
from ntp.packet import *
from ntp.util import *
@@ -184,7 +184,7 @@ usage: help [ command ]
if len(self.peers) == 0:
if self.chosts:
- self.say("server=%s ", self.session.hostname)
+ self.say("server=%s " % self.session.hostname)
self.say("No association IDs returned\n")
return False
@@ -757,7 +757,14 @@ usage: ntpversion [ version number ]
def do_keytype(self, line):
"set key type to use for authenticated requests"
- self.warn("Authentication is not yet implemented")
+ if not line:
+ self.say("Keytype: %s\n" % self.session.keytype)
+ elif not line in "DSA, DSA-SHA, MD4, MD5, MDC2, RIPEMD160, SHA, SHA1":
+ self.warn("Keytype %s is not supported by ntpd.")
+ elif line not in hashlib.algorithms_available:
+ self.warn("Keytype %s is not supported by ntpq.")
+ else:
+ self.session.keytype = line
def help_keytype(self):
self.say("""\
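Review bot: The ntpd check in do_keytype, `not line in "DSA, DSA-SHA, MD4, ..."`, is a substring test against a single string, so inputs such as `A`, `, ` or `SHA, SHA1` pass it. Compare against a tuple of names instead, e.g. `elif line.upper() not in ("DSA", "DSA-SHA", "MD4", "MD5", "MDC2", "RIPEMD160", "SHA", "SHA1"):`. Both warnings contain `%s` but are given no argument, so the rejected name is never shown; going by the `say` fix earlier in this file they should be `self.warn("Keytype %s is not supported by ntpd." % line)` and likewise for the ntpq message. The ntpd list is upper case while the session default is `"md5"` and `hashlib.algorithms_available` may list only lower-case names depending on the OpenSSL build, so both checks probably need the same case normalisation before `self.session.keytype` is assigned.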
=====================================
pylib/packet.py
=====================================
--- a/pylib/packet.py
+++ b/pylib/packet.py
@@ -5,7 +5,7 @@
#
# SPDX-License-Identifier: BSD-2-clause
from __future__ import print_function, division
-import sys, socket, select, struct, curses.ascii, collections
+import sys, socket, select, struct, curses.ascii, collections, getpass, hashlib
# General notes on Python 2/3 compatibility:
#
@@ -283,6 +283,7 @@ class Mode6Session:
self.secondary_timeout = 3000 # Timeout for later selects
self.pktversion = NTP_OLDVERSION + 1 # Packet version number we use
self.always_auth = False # Always send authenticated requests
+ self.keytype = "md5"
self.keyid = None
self.password = None
self.hostname = None
@@ -408,34 +409,35 @@ class Mode6Session:
if not auth and not self.always_auth:
return pkt.send()
- # Following code is a non-working prototype
+ # Following code is a non-working prototype
# Pad out packet to a multiple of 8 octets to be sure
# receiver can handle it.
while ((Packet.HEADER_LEN + len(pkt.extension)) % 8):
- pkt.extension.append(u"\x0000")
+ pkt.extension += u"\x0000"
# Get the keyid and the password if we don't have one.
if self.keyid is None:
- key_id = getkeyid("Keyid: ");
- if key_id == 0 or key_id > NTP_MAXKEY:
+ try:
+ key_id = int(input("Keyid: "))
+ # FIXME: Magic number, yuck
+ if key_id == 0 or key_id > 65535:
+ raise Mode6Exception(SERR_BADKEY)
+ except ValueError:
raise Mode6Exception(SERR_BADKEY)
self.keyid = key_id
- if not authistrusted(self.keyid):
- passwd = getpass_keytype(self.keytype);
+ passwd = getpass.getpass("%s Password: " % session.keytype.upper())
if passwd is None:
raise Mode6Exception(SERR_INVPASS)
self.passwd = passwd
- authusekey(self.keyid, self.keytype, self.passwd)
- authtrust(self.keyid, True)
# Do the encryption.
- mac = authencrypt(self.keyid, pkt);
+ mac = hashlib.new(session.keytype).digest(pkt.flatten());
if len(mac) == 0:
raise Mode6Exception(SERR_NOKEY)
else:
- pkt.extension += mac
+ pkt.extension += struct.pack("!H", self.keyid) + mac
return pkt.send()
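Review bot: The MAC on the `hashlib.new(session.keytype).digest(pkt.flatten())` line never includes the key: the password read by getpass is stored but not used, so even once the call is made valid the result is a plain digest of the packet that anyone can recompute. `digest()` takes no arguments and `session` is not a name visible in this method (the getpass prompt uses the same `session.keytype`), so the line should read along the lines of `mac = hashlib.new(self.keytype, key_bytes + pkt.flatten()).digest()`, with `key_bytes` the password as bytes; the key-then-packet order is the usual NTP symmetric-key construction and should be confirmed against ntpd's verifier. `int(input("Keyid: "))` evaluates the typed text as an expression on Python 2, which this file still targets through its `from __future__` import, so it should read through `raw_input` there. The value is saved as `self.passwd` while the constructor hunk initialises `self.password`, and `getpass.getpass` returns a string rather than None, so the SERR_INVPASS branch cannot fire as written. The method starts and ends outside this hunk and the indentation is lost in this rendering, so the nesting of these statements is inferred.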
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/746cd9336511b11ca5b4015b84ad76619fbd5eab